fetch
Fail
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: CRITICALEXTERNAL_DOWNLOADSPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The EXAMPLES.md file includes a reference to https://bit.ly/example, which has been flagged by automated security scanners (URLite) as a malicious URL associated with Botnet activity. While used for demonstration purposes, interacting with such URLs can expose users to security risks.
- [EXTERNAL_DOWNLOADS]: The skill documents the installation of external packages @browserbasehq/sdk (NPM) and browserbase (PyPI). These are official SDKs from the vendor and are used to interact with the service.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it retrieves and processes content from arbitrary external URLs. 1. Ingestion points: Raw HTML/body content is ingested via the response content field (SKILL.md, EXAMPLES.md). 2. Boundary markers: No delimiters or instructions are used to isolate fetched content from the agent's logic. 3. Capability inventory: The skill uses the Bash tool to execute curl and potentially process output. 4. Sanitization: There is no evidence of sanitization or validation of fetched content before it is returned to the agent's context.
- [COMMAND_EXECUTION]: The skill allows users to enable allowInsecureSsl. This parameter bypasses TLS certificate verification, which could allow an attacker to intercept or modify traffic via a man-in-the-middle (MITM) attack.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata